Red Touch

Menu

PhishFightER

Security Awareness Training

Equip your organization with the knowledge and skills to safeguard from cyber threats.

Enhance Email Threat Identification and Response with PhishFightER

PhishFightER, your indispensable tool for swift security incident response, offers automatic email prioritization, enabling your InfoSec and Security Operations team to swiftly discern and address the most perilous threats amid the email noise.

The PhishFightER Dashboard

Given that phishing attacks remain the predominant cyber threat vector, most end users frequently report email messages that appear potentially malicious to your incident response team.

Whether or not you conduct security awareness training for your employees, the reality remains that users often report emails they suspect could be hazardous within your organization. This surge in email traffic presents a new challenge.

Amidst the barrage of spam and malicious emails infiltrating your network, around 7-10% successfully bypass your filters. However, merely 1 in 10 user-reported emails are confirmed as genuinely malicious. So, the question arises: how can you not only address high-risk phishing threats effectively but also efficiently manage the remaining 90% of user-reported messages? The answer is PhishFightER.

Unveiling PhishFightER

PhishFightER plays a pivotal role in your essential security workflow. It serves as your agile Security Orchestration, Automation, and Response (SOAR) platform, facilitating the orchestration of your response to potential email threats reported by users. With its automatic email prioritization feature, PhishFightER empowers your InfoSec and Security Operations team to swiftly cut through the clutter and react promptly to the most critical threats.

Moreover, PhishFightER enables you to automate the handling of the 90% of reported emails that do not pose threats. Incident Response (IR) orchestration brings immediate efficiency to your security team, and the potential benefits extend even further.

With the right strategy and planning, your organization can construct a fully orchestrated and intelligent Security Operations Center (SOC) to counter contemporary threats. PhishFightER contributes a crucial element in harmonizing your IR teams’ efforts to mitigate phishing risks and is suitable for any organization seeking to accurately and expeditiously prioritize and manage potentially malicious messages. PhishFightER is available as a standalone product or as an add-on option for existing KnowBe4 customers.

Why Opt for PhishFightER?

PhishFightER is a straightforward, web-based platform with essential workflow functionalities, functioning as your “phishing emergency room” for evaluating and responding to user-reported messages. It streamlines the process of identifying legitimate messages from suspicious ones, enabling your team to act swiftly. With PhishFightER, your team can efficiently prioritize, assess, and manage a high volume of email messages. The objective is to automate the prioritization of as many messages as possible, with the flexibility to review PhishFightER’s recommended focus points and take the desired actions.

Through PhishFightER Security Roles, you can easily allocate the workload for email analysis and dispositioning within the platform. Utilize Limited and Full access Security Roles to establish a multi-tiered incident response system based on the severity levels of user-reported messages in PhishFightER.

PhishFightER efficiently manages user-reported phishing and other dubious emails by applying rules, tags, and actions to group and categorize them. Within this process, the custom machine-learning module, PhishML, evaluates the messages and produces confidence values, which are then utilized to tag these messages. To bolster security, PhishRIP simplifies the identification and quarantine of suspicious messages that may still linger in mailboxes throughout your entire organization. Furthermore, PhishFlip automatically transforms defanged phishing emails into valuable training exercises, converting them into simulated phishing campaigns.

 

key Features

  • Automated Message Prioritization

    PhishFightER streamlines the prioritization of each reported message into one of three categories: Clean, Spam, or Threat. By establishing customizable rules, PhishFightER enables you to automate the prioritization process, minimizing the need for manual intervention.
    With its automated email prioritization for non-threatening messages, PhishFightER facilitates rapid responses to the most critical threats. It seamlessly integrates with KnowBe4's Phish Alert button, allowing users to report suspicious emails, and also functions through email forwarding to a dedicated mailbox. PhishFightER evaluates message attributes and arranges messages based on priority.

  • PhishFighterML

    PhishFightER features PhishFighterML, a machine-learning module that aids in identifying and assessing suspicious messages reported by users at the outset of the prioritization process. PhishFighterML meticulously analyzes every incoming message within the PhishFightER platform, providing valuable insights to enhance the prioritization process, making it faster and more accurate. PhishFighterML continually learns from messages tagged not only by you but also by other members of the PhishFightER user community. This dynamic learning model is regularly updated with new data to enhance its accuracy, resulting in the automatic prioritization of more messages and saving valuable time.

  • Emergency Rooms

    PhishFightER introduces “Emergency Rooms” to assist in identifying similar messages reported by your users. These rooms present pre-filtered views of unresolved messages within your PhishFightER inbox, dynamically organized by commonalities. They offer system pre-filtered views for messages grouped by Top Subject Lines, Top Senders, Top Attachments, and Top URLs. Each Emergency Room is interactive, allowing you to navigate filtered inbox views of messages and take action across all related messages simultaneously. The overview of Emergency Rooms aids in prioritizing rooms based on the volume of messages, highlighting those in need of immediate attention.

  • PhishFighterFlip

    PhishFighterFlip, an innovative PhishFightER feature, enables real-time response to cybercriminals, allowing you to turn the tables on them. With PhishFighterFlip, you can swiftly transform a dangerous attack into a valuable real-world training exercise for your users. PhishFighterFlipidentifies user-reported phishing email threats, which PhishFightER has removed, and converts them into secure simulated phishing campaigns. PhishFighterFlip recreates these real email threats into harmless, look-alike versions and initiates simulated phishing campaigns within your KnowBe4 console. It replaces real phishing emails in your users’ mailboxes with defanged phishing security tests, creating an authentic real-world training experience.

  • Microsoft 365 Blocklist

    With PhishFightER’s Blocklist feature, you can effortlessly create a custom list of blocklist entries tailored to your organization, significantly enhancing the effectiveness of your Microsoft 365 email filters, all within the PhishFightER console. By using reported messages, you can prevent future malicious emails from reaching other users with the same sender, URL, or attachment. PhishFightER Plus Global Blocklist offers a similar feature, powered by a crowd-sourced threat feed to proactively block phishing attacks before they reach your mail server and end up in your users’ inboxes.

  • Data Enrichment Intelligence

    PhishFightER collaborates with external services like VirusTotal to analyze attachments and malicious domains. It utilizes URL Unwinding to automatically expand shortened URLs, providing insights into the potential threat level of the final destination.

  • PhishFighterRIP

    PhishFighterRIP is an email quarantine tool that seamlessly integrates with Microsoft 365 and Google Workspace, aiding in the removal, inoculation, and protection of your organization against email threats, allowing you to swiftly counter active phishing attacks.

    PhishFighterRIP offers the following capabilities:

    • Remove: PhishFightER identifies threats, offering you the option to remove identical or similar messages from all mail folders, including the inbox, sent, or trash folders.
    • Inoculate: For unreported email threats, PhishFighterRIP monitors and detects potentially harmful messages, enabling you to report, quarantine, and analyze them.
    • Protect: After addressing immediate threats, you can thoroughly analyze threat details for ongoing protection. PhishFighterRIP provides options to send messages to affected users, delete messages from their mailboxes, keep messages quarantined, or restore messages identified as legitimate.

  • SOAR

    Understanding SOAR
    Security Orchestration, Automation, and Response (SOAR) is the coordination of automated security tasks across connected security applications and processes.

    Speed remains a challenge, even for proficient security teams. Certain cybersecurity aspects, such as manual data transfers between tools, can be slow and hinder efficiency.

    Instead of dedicating time to identifying threats and prioritizing response efforts, Incident Response (IR) teams and Security Operations Centers (SOCs) often find themselves overwhelmed by an ever-growing workload of repetitive tasks. This not only hampers your team’s efficiency but also creates the risk of threats slipping through the cracks.

    SOAR comprises two key components:

    • Orchestration: Security orchestration involves connecting and integrating various security applications and processes.
    • Automation: Security automation automates tasks in machine-based security applications that would typically require manual handling by a cybersecurity professional.

  • SIEM Integrations

    PhishFightER’s API integration allows you to connect PhishFightER with your existing security infrastructure, maximizing your security investments. This integration offers bi-directional API connectivity to your current security stack, including Security Information and Event Management (SIEM) solutions, detection tools, ticketing systems, and more.

    PhishFightER also seamlessly integrates into your organization by pushing data into popular SIEM platforms such as Splunk and QRadar. Multiple syslog destinations are supported, enabling data integration with a variety of other systems.